Security Engineer ( Threat & Vulnerability Management )

5 - 7 years experience

Salary depends on experience
Posted on 03/27/18
Ann Arbor, MI

RESPONSIBILITIES AND DUTIES

Vulnerability Management

  • The Security Engineer (Compliance) will lead the vulnerability management process, including configuring and running scans, evaluating results, opening and managing tickets to resolve vulnerabilities, and maintaining the relationship with other teams to get vulnerabilities addressed.
  • Vulnerability scanning will expand to include regular, routine Web Application scans as well as network-based vulnerabilities.
  • The Security Engineer (Compliance) will create and execute the reporting needed to update management and executive leadership regarding the current threat landscape and status of patching and vulnerability management.

Tools & Engineering

  • Maintains the vulnerability management tools to ensure they’re healthy and regularly updated.
  • Configures security scanning tools to expand existing configuration, implement new controls, and take advantage of new or unused features.
  • Participates in regularly testing use cases to ensure vulnerability management solutions do not impact critical systems and business processes.
  • Will work with the compliance and other teams to implement and complete the vulnerability management scanning and remediation to meet SOX, PCI, or internal policy requirements.

Documentation

  • The Security Engineer (Compliance) will create, update, and maintain vulnerability management environment, technical, process & procedure documentation.
  • Compiles and analyzes data for reporting and metrics.
  • The Security Engineer (Compliance) will create the dashboarding and reporting for the vulnerability management program.

Qualifications

  • Candidate should have experience understanding vulnerabilities, Common Vulnerability Scores (CVS) as well as creating, executing, and tracking remediation plans.
  • Candidate should be familiar with and be able to create, configure and execute vulnerability scanning jobs, dashboarding and reporting.
  • Fluent with Linux (RHEL, Ubuntu) and UNIX fundamentals.
  • Knowledge of constructing PostgreSQL and SQL query strings
  • Experience with APIs as a consumer
  • Experience with Python, Node, Ruby, etc.
  • Experience performing network vulnerability assessments beyond using automated tools
  • The candidate should have the ability to remain calm in pressure situations and adapt quickly to change.

Qualification Requirements

  • Bachelor’s Degree in Computer Science, Information Technology, Engineering, or a related field.
  • 5+ years of information security experience.
  • Candidate should have 1-2 years of experience with technologies such as the Rapid 7 Nexpose, Nessus Tenable, or Qualys Scanning platforms.
  • A background in networking, systems administration, or software development is a plus.

Preferred Requirements

  • Candidate should hold a current CISSP and have 5 years of information security experience.
  • A background in networking, systems administration, or software development is a plus.

24498BR
